SQL injection explained: How these attacks work and how to prevent them

There are several types of SQL injection, but they all involve an attacker inserting arbitrary SQL into a web application database query. The good news? SQLi is the lowest of the low-hanging fruit for both attackers and defenders. Structured Query Language (SQL) injection is a type of attack that can give an adversary complete control over your web application database by inserting arbitrary SQL into a database query.